plugins/Hubspot/Public/Authentication/Request-Token.ps1
|
function Request-Token { [CmdletBinding()] param ( [Parameter(Mandatory=$false)][String]$SettingsFile = "./hubspot_token_settings.json" ,[Parameter(Mandatory=$false)][String]$TokenFile = "./hubspot.token" ,[Parameter(Mandatory=$false)][Switch]$UseStateToPreventCSRFAttacks = $false ) begin { } process { #----------------------------------------------- # ASK FOR SETTINGSFILE #----------------------------------------------- #Import-Module PSOAuth #----------------------------------------------- # ASK FOR CLIENT SECRET #----------------------------------------------- # Ask to enter the client secret $clientId = "9c81c39f-97d9-46a9-b6c2-05a3c6211c21" $clientSecret = Read-Host -AsSecureString "Please ask Apteco to enter the client secret" $clientCred = [pscredential]::new("dummy",$clientSecret) #----------------------------------------------- # ASK FOR ANOTHER USER TO ENCRYPT #----------------------------------------------- $encryptScriptBlock = { param($str) Import-Module EncryptCredential $ret = Convert-PlaintextToSecure $str return $ret } Write-Log "It is important to encrypt the client secret." -Severity INFO Write-Log "This module will be called from the Apteco service user and encryption is tied to that." -Severity INFO $registerPsRepoDecision = $Host.UI.PromptForChoice("", "Do you want to use another user than '$( $env:Username )' for encryption?", @('&Yes'; '&No'), 1) If ( $registerPsRepoDecision -eq "0" ) { # Means yes and proceed $credCounter = 0 $taskCredTest = $false Do { $taskCred = Get-Credential -Message "Credentials for executing the task" $taskCredTest = Test-Credential -Credentials $taskCred $credCounter += 1 } Until ( $taskCredTest -eq $true -or $credCounter -ge 3) # max 3 tries If ( $taskCredTest -eq $false ) { $msg = "There is a problem with your entered credentials. Please try again later." Write-Log -Message $msg -Severity ERROR throw $msg } # Create a job to encrypt the secret $secretJob = Start-Job -ScriptBlock $encryptScriptBlock -ArgumentList $clientCred.GetNetworkCredential().password -Credential $taskCred # Wait until job is not running anymore While ( $secretJob.State -eq "Running" ) { Start-Sleep -Milliseconds 100 } # Check the result of the job Switch ( $secretJob.State ) { "Completed" { $encryptedSecret = ( Receive-Job -Job $secretJob ).toString() } "Failed" { $msg = "Job state: Failed! There is a problem with encrypting the secret" Write-Log -Severity ERROR -Message $msg throw $msg } "Stopped" { $msg = "Job state: Stopped! There is a problem with encrypting the secret" Write-Log -Severity ERROR -Message $msg throw $msg } Default { $msg = "Unknown job state $( $secretJob.State )! There is a problem with encrypting the secret" Write-Log -Severity ERROR -Message $msg throw $msg } } } else { # Means no and just encrypt with current user $encryptedSecret = Invoke-Command -ScriptBlock $encryptScriptBlock -ArgumentList $clientCred.GetNetworkCredential().password } #----------------------------------------------- # BUILD THE SCOPE #----------------------------------------------- $scope = @( #"oauth" "crm.lists.read" "crm.lists.write" "crm.objects.contacts.read" "crm.objects.contacts.write" "crm.objects.companies.read" "crm.objects.companies.write" "crm.objects.deals.read" "crm.objects.deals.write" "crm.objects.custom.read" "crm.objects.custom.write" #"crm.objects.feedback_submissions.read" # TODO this is currently under work in Hubspot #"crm.schemas.custom.read" #"crm.schemas.contacts.read" #"crm.schemas.companies.read" #"crm.schemas.deals.read" ) #----------------------------------------------- # SET THE PARAMETERS #----------------------------------------------- $redirectUri = "http://localhost:54321/" $oauthParam = [Hashtable]@{ "ClientId" = $clientId "ClientSecret" = $clientCred.GetNetworkCredential().password # this will be asked for in the next step "AuthUrl" = "https://app.hubspot.com/oauth/authorize" "TokenUrl" = "https://api.hubapi.com/oauth/v1/token" "SaveSeparateTokenFile" = $Script:settings.token.exportTokenToFile "RedirectUrl" = $redirectUri "SettingsFile" = $SettingsFile "Scope" = ( $scope -join " " ) "SaveExchangedPayload" = $true "PayloadToSave" = [PSCustomObject]@{ "clientid" = $clientId "secret" = $encryptedSecret #$clientCred.GetNetworkCredential().password # TODO maybe encrypt this? "redirectUri" = $redirectUri } "TokenFile" = $TokenFile } # Add state to prevent CSRF attacks If ( $UseStateToPreventCSRFAttacks -eq $true ) { $oauthParam.Add("State",( Get-RandomString -Length 24 -ExcludeUpperCase -ExcludeSpecialChars )) } # Empty that variable $clientSecret = "" #----------------------------------------------- # REQUEST THAT TOKEN #----------------------------------------------- Request-OAuthLocalhost @oauthParam #-Verbose #Request-OAuthApp @oauthParam -Verbose #----------------------------------------------- # WRITE LOG #----------------------------------------------- Write-Log "Created a new token" -Severity INFO #----------------------------------------------- # PUT THIS AUTOMATICALLY INTO SETTINGS #----------------------------------------------- $Script:settings.token.tokenFilePath = ( get-item -Path $TokenFile ).fullname $Script:settings.token.tokenSettingsFile = ( get-item -Path $SettingsFile ).fullname } end { } } |